add link to key attestation library
This commit is contained in:
parent
b96df9c32f
commit
4eb320eca9
@ -57,14 +57,15 @@
|
|||||||
with hardware attestation and fall back to the Play Integrity API or do both and
|
with hardware attestation and fall back to the Play Integrity API or do both and
|
||||||
accept either passing as success.</p>
|
accept either passing as success.</p>
|
||||||
|
|
||||||
<p>Our <a href="https://github.com/GrapheneOS/Auditor">MIT / Apache 2 licensed Auditor
|
<p>Google provides a <a href="https://github.com/google/android-key-attestation">key
|
||||||
app</a> can be used a reference implementation for verifying hardware-based
|
attestation library</a> with examples. Our <a href="https://github.com/GrapheneOS/Auditor">MIT
|
||||||
attestations. There are some subtleties in the verification process such as making
|
/ Apache 2 licensed Auditor app</a> can be used a reference implementation for
|
||||||
sure only the 2nd certificate in the chain (the one signing the certificate for the
|
verifying hardware-based attestations. There are some subtleties in the verification
|
||||||
key generated by your app) has an attestation extension to prevent making a fake
|
process such as making sure only the 2nd certificate in the chain (the one signing the
|
||||||
attestation by extending the chain. You can reuse our code and simply omit support for
|
certificate for the key generated by your app) has an attestation extension to prevent
|
||||||
an app generated attestation signing key (attest key) and the other pinning
|
making a fake attestation by extending the chain. You can reuse our code and simply
|
||||||
support.</p>
|
omit support for an app generated attestation signing key (attest key) and the other
|
||||||
|
pinning support.</p>
|
||||||
|
|
||||||
<p>After verifying the signature of the attestation certificate chain and extracting
|
<p>After verifying the signature of the attestation certificate chain and extracting
|
||||||
the attestation metadata, you can enforce that <code>verifiedBootState</code> is
|
the attestation metadata, you can enforce that <code>verifiedBootState</code> is
|
||||||
|
Loading…
x
Reference in New Issue
Block a user